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MEMORANDUM FOR: Chief, Security Staff, OL 


STATINTL PROM: 
Systems Analysis Branch, E0O/OL 


- SUBJECT: — _ SECOND System Definition Study 


ee ake We are pleased to submit, for your approval, 
the attached System Definition Study for the SECOND 
project. This study was prepared as a joint effort 
by members of your staff and myself. 


2- If you would like SAB to follow up with a 
project proposal as outlined in the recommendation, 
please sign below and return the original copy. The 
current Computer Services Request (24A38ED}) will then 
be extended to include the project proposal. 


i 


3. I£ are any questions, please call me 
STATOTHR ~—s on extension 


| Al a 
CC STATINTL 


Attachment: System Definition Study 


CONCURRENCE: * 

os /s/ 9 od ot 

Chiek, SAB7EO/OL~ Date 
Chief, B Division, ODP | pate 
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SUBJECT: SECOND System Definition Study 


Distribution: 
‘Orig - Return to OL/EO/SAB (Official) w/att 


1 - C/B Div/ODP w/fatt 
Q)- C/SS/OL w/fatt 
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re INTRODUCTION 


This System Definition Study is in response to a 
_Kequest from the Director of Logistics, for Office of 

Data Processing (ODP) Support on the Industrial Security 

Program (SECOND). Included in this report is a description : 
of the current procedure, the problems with the current 
procedure, an enumeration of the system requirements and ( Swe 
a recommendation to automate the Industrial Security 
program. 
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If. MISSIONS AND OBJECTIVES 
: ee 


ee The Office of Logistics, Security Staff, (OL/SS) 
has been tasked with the responsibility of maintaining an 
industrial security program. The industrial security program 
was established to provide secure methods by which the 
Central Intelligence Agency may procure supplies, equipment, 
services, and conduct research and development outside the 
Agency with the least risk of exposing the classified pur- 
pose to unauthorized personnel. : 


ae OL/SS receives approximately eighty calls per 
day from interested persons and offices both internal and 
external to the Agency. In order to answer these inquiries 
in a timely manner and provide support to all using Agency 
components it is necessary to maintain manually a 3x5 card 
file of approximately 65,000 cards. Approximately 50 of 
the eighty calls per day require accessing the card file. 


wl - 3 : : > ‘4 . : <- ey e Pores, 


Approved For Release 2002/05/07 : CIA-RDP96B01172R000900020001-1 


. 
- 


~ 


Approved For R&téase 2002/05/07 : CIA-RDP96B01172R880900020001-1 


= 
~~ 


LII. DESCRIPTION OF CURRENT SYSTEM 


1.. The unique nature of the Agency's procurement 
methods place different and unusual requirements on the 
Agency's industrial security program. There are two areas 
of classification in the Agency's procurement methods: 


ae the relationship of the Agency to the 
contractor, i.e., whether the identity 
of the Agency as purchaser is classified; 


b. the classification of the work and reports 
of the end product. 


ork soe ; 
Zs When an Agency component levies a procurement 
requirement upon OL, the requirement normally specifies the 
Classification of both the Agency contractor relationship 
and the end product. If either aspect is classified the 
following takes place: 


a. OL/SS makes a manual review of its records 
' to determine whether the specified vendor 
has a current or prior classified relation- 
ship with the Agency. If no prior relation- 
ship exists the following steps are initiated; 


1. the corporate officer's name 
. ais run through Office of 
Security indices; 


2. the vendor will be contacted 
in person, utilizing CIA 
credentials; 


i the corporate officer will 
be told of the Agency interest 
. in doing business with them; 


4. requested to sign a secrecy 
agreement; and 2 


5. requested to provide sufficient 
-biographic data for security 
processing purposes. 
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b. If a prior relationship exists, the above 
process, 1 through 5, is performed as 
required to reinstate the contractor. 


3. Once the above steps are completed and the Office 
of Security issues an approval the corporate officials are 
visited once again, and requested to appoint a-corporate 
Security officer who will be OL/SS referent for the term 
of the contractual relationship. Thereafter, the bulk 
of OL/SS contact is with the corporate security officer 
- who will have been approved and briefed. He will be 
furnished with the Security Requirements for Contractors 
(Green Book) or Standard Security Procedures for Contrac- 
tors (White Book), a supply of Personal History Statements, 
Request for Industrial Security Approval forms, and 
codeword access, as appropriate. He will also have a 
Supply of Form 670 (index cards) which will ultimately 
comprise OL/SS records of Industrial Security Approval 
(ISA). : . 


6a, Once the contractor furnishes OL/SS with the 
required data to process an Industrial Security Approval 
(ISA), the following takes place; 


a. All documents are dated and forwarded to 
_ Security for processing; 


De A Form 670 (3x5 card) is filed in the pend- 
ing file; 

Cc. if Security grants the Industrial Security 

Approval: : 


1. the card is moved from the pending 
; file to the active file, two copies 
are kept, one alphabetical by name 

and one by contractor and name. 


2. Notify contractor. 


a. If Industrial Security Approval is not 
granted: ; 


Ll. Notify contractor; 


ae File disapproval notice. 
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5. The contractor continues to supply data to OL/SS 
as required by the regulations. If an employee leaves the 
company, transfers to another project, or the contract is 
completed, the Form 670 (3x5 card) is moved from the active 
file to the termination file. 


6. A liaison file is maintained for personnel in other 
Federal Agencies and departments on whom security liaison 
approvals requested by OL have been granted. 


de A Contact Approval file is maintained for personnel 
who are contacted before a_full Industrial Security Approval 
. is processed. aoe 


8. The information contained on Form 670 (3x5 card) 
in the system consist of the following: 


Name 
Date of Birth 
Place of Birth 
.SSN 
Security File Number 
Contractor Mame 
Contractor Address 
Job/Title 
DOD Clearance 
Level 
Date 
Industrial Security Aperewal 
. Level 
Approval Date 
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IV. PROBLEMS WITH THE CURRENT SYSTEM 
enna en 


1. Many problems can arise when handling a manual 
card system of this size. With the Industrial Security 
system the most prominent problems are the following: 


ae Ad hoc questions often require hours of 
searching cards, tallying and notekeeping, 
‘and typing detail listings after the infor- 
mation is collected. 


‘b. The current method of updating the cards 
_ is antiquated. Physical sorts are required, 
in that cards must be matched and Placed 
into the correct position in the appropriate 
file. As changes are processed the cards 
must be physically moved from one file to 
another. 


Cc. Cards are stored in OL/SS. Care must 
be taken that nothing happens to the cards; 
a dropped file would take hours of manual 
. work to reconstruct. : 


d. There are no standards to assure cards are 
not misfiled or lost. : 


e. There is no backup for the file. 
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V. ° USER REQUIREMENTS 


1. The present requirements for the Industrial — _ 
Security system are as follows: 


ae 


Conversion of present card files (ISA 
contractor personnel, pending file, tern- 
ination). 


Provide the Gaaniaty to query the data 

on any data element, or combination of data 
elements, within the database with an immediate 
response. Typical queries are: 


Ate What is the level of the ISA for John 
: Doe? 


2. What is John Doe's job title? 


Bs Has John Doe signed a secrecy 


agreement? a 

4. How many people working for the ABC 
Company in the Boston area have a aa’ 
Top Secret clearance, three years old FG 
ox older? space ii 


5. What is the facility approval status 
of the XYZ Company? 


The ability to update a database, (add, changscGip 
delete), approximately 700 transactions a ; 
month. 

Addition of five data elements: 

L< date briefed; 

26 date terminated; 

3. security agreement; 
4. facilityl"approval status; and 


42, le A 
5. facility, approval level/.5) 
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Produce preformatted alphabetical printout 
by individual names on request. ‘ 


Produce preformatted alphabetical printout 
by individual names within contractor on 
request. 

The ability to produce, on request, ad hoc 
reports. 


Provide a validation of all data recorded 


_in the system to ensure its accuracy. 


Provide the capability for reporting all 
deliquent security requests. 


Provide a method of backup in the event of 
primary data or system damage . 


2% _ System Elements: 


A list of required elements are as follows: 


ae 


b. 


Cc. 


NAME (Last, First, MI) 

Social Security Number 

Date of Birth 

Place of Birth 

Security File Number 

Contractor Name 

Contractor Address (Street, City, State, Zip) 
Job Title 

Work Location (Street, City, State, Zip) 
DOD Clearance (Date, Level) 

Industrial Security Approval (Date, Level) 


Date Briefed 
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™m. Date Terminated 


Oo. Facility Approval Status 


ps Facility Approval Level ; 
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VI. ALTERNATIVES 


1. In order to meet all the requirements of the 
customer, a database management system appears to be 
the most desirable solution. The database management 
system will’ permit the user to store, manipulate, retrieve 
and display quantities of data. 

2. There are three database management systems 
currently used within the Office of Data Processing (ODP), 
Rapid Access Management Information System (RAMIS), 
National Information Processing System (NIPS), and 
General Information Management System (GIMS). 


3. In search of a system to meet the requirements 
stated RAMIS and NIPS were rejected. 


3.1 RAMIS was rejected primarily because it 
has not yet proven itself in handling a 
moderately sized (approximately 35,000 
records) database. 


3.2 The NIPS system was rejected from considera- 

tion because it is strictly a batch system 
and will not support the rapid query cap- 
ability desired in the requirements. In 
addition, NIPS does not support an inter- 
file query capability. It should also 
be noted that if the system is impiemented 
in a NIPS batch mede and the user reguire- 
ments are not met, the system cannot be 
converted from batch to on-line mode with 
a minimal effort. 


4. GIMS is a database system that has a hierarchical 

data storage philosophy. In addition to data storage 

and retrieval, GIMS handles its own terminal communica- 
tions, printers and input/output methods. The database 

can be available in either a batch or an on-line mode. 

The report facility uses Basic Automatic Report Format 
(BARF) or special PL/I programs. An Industrial Security 
system under GIMS could have the following structure: 
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a. A pending file which would contain basic 
biographical data on personnel who have 
industrial security approvals in process. 

2S 


b, . A cleared contractor file which would 

. contain biographical data on personnel 
who have active industrial SECuEI EY. 
approvals... 


@ Atermination file which would contain 
- ‘biographical: data on personnel. who have 
at one time held an industrial security 

‘ approval. 


a. A name index file which would contain 

‘e names (last, first) of personnel in the 
cleared contractor file. This fila would 
provide the ability to query by name and 
receive a quick response on personnel 
who have an active approval. 


e. A contractor file which would contain 
data on the contractors who have personnel 
with industrial security approvals. 

£. The aulaiace would be available under the 
MVS/JES3 system in either the batch or an 
on-line mode. 


g. In the batch mode, GIM statements to up- 
date, query, and extract data would be. 
created in a file on the VM/370 svsten 
and batched to the GIM system through a 
Batchmon link. All output would then 
be printed under the JES3 system. 


h. In the on-line mode, data input would be 
accomplished directly through GIM supported 
menus displayed at the terminal and read 
by routines coded in the GIM procedure 
language. Ad hoc queries could be formed 
in GIM statements directly at the 
terminal with an immediate response to 
the same terminal. Copies of these queries 
can be printed at a Texas Instruments 
printer immediately connected to the 
terminal or at a printer connected to 
the computer running the GIM system. 
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VII. RECOMMENDATION 


A It is recommended that the SECOND system be 
implemented using the on-line GIMS database system for 
the following reasons: , 


ae 


d. 


The on-line GIM system will offer the 


user immediate updates through menu 
" input, and a prompt resolution of errors. 


Once the database is overational, the 
primary activity will be aueries. The 
GIMS user language is English like and 
will permit the user to access data 

without knowing how or where the data 


is stored. 


The GIMS off-line batch svstem was re- 
jected primarily because of the user 
requirement for immediate response to 
queries. Other considerations were, 
database and listings are always out of 
date because of projected frequent up- 
dates, an incorrect query is not detected 


until a listing is received, and ad hoc 


reports on a batch database can be cum- 
bersome. . 


Cost for the on-line and off-line systems 
is relatively equal. 


2. The GIM system has the capvability to more 

than adequately meet the requirements specified. How- 
ever, the user should be aware that the level of know- 
ledge needed by both the user and programmer to create 
and maintain the system is very high. Learning the GIM 
system is a non-trivial process and the user is required 
to learn the GIM query language, GIM data extraction 
process, and the basic VM commands. Use of ODP Training 
courses and SAB personnel's expertise should provide 

the necessary skills for OL/SS to operate the system. 
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3. GIMS had a bad track record prior to the re- 
lease of the 360/195 computer. Since its imolementation 
on a 370/168 we have experienced an average availability 
rate of 923. Response time is also currently acceptabie,. 


4. In summary, GIMS seems to be the only ODP 


database management system which has the capability 
to satisfy the requirements of this particular system, 
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VIII. COST AND TIME REQUIREMENTS 
RE EEN 


. 1. -FIt is estimated that this system will require 
8 months to develop and will cost approximately $34,510. 
A breakdown of cost is provided: : 


* TIME COST — MACHINE COST 

Verify Data Elements 40 Hrs $680 ee 
Prepare Menus 80 1360 $ 150 
Develop Procedures and 

Dictionaries - 960 16,320 12,000 
‘Develop BARF Reports 80 1360 1590 
User Testing and . 

Training - 120 2040 450 


2. Once the system is developed it is estimated 
that the conversion effort and full implementation will 
require 10 man-months for OL/SS to input data. The -- 
machine cost for conversion will be approximately $22,602. 
If the system is accepted it is recommended that other 
conversion methods be considered (i.e. IV Phase, key- 
punching) which may reduce the time and cost. 


3. The projected operating cost of this system 
after-implementation will be approximately $4,000 a 
month. : 
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